sim-swap

Pink Drainer was a Drainer-as-a-Service (DaaS) phishing toolkit that operated from approximately July 2023 to May 2024, facilitating the theft of over $85.3 million in cryptocurrency from more than 21,000 victims across Ethereum and other networks. The operators ran the service by licensing a sophisticated wallet-draining script to affiliate phishers for a 20-30% cut of stolen proceeds, then announced a voluntary shutdown on May 17, 2024, citing their goal as 'accomplished.'

Friend.tech was a SocialFi application launched on Coinbase's Base L2 in August 2023 that allowed users to buy and sell tokenized 'keys' (shares) of social media influencers. The platform suffered a wave of SIM-swap attacks draining at least 343 ETH from users, exposed wallet addresses of 101,000 users via an API data breach, launched its FRIEND token in May 2024 which collapsed 98% within months, and was ultimately abandoned by its pseudonymous founders in September 2024 after they extracted approximately $44 million in protocol fees.

Kroll Restructuring Administration LLC served as the court-appointed claims and noticing agent for the FTX, BlockFi, and Genesis bankruptcy proceedings. On August 19, 2023, a threat actor executed a SIM swap attack against a Kroll employee's T-Mobile account, gaining unauthorized access to files containing the personal data of tens of thousands of crypto bankruptcy claimants. The exposed data was subsequently exploited in large-scale phishing and social engineering campaigns, with blockchain investigator ZachXBT estimating total losses attributable to the breach at eight to nine figures, and at least one alleged perpetrator — Danish Zulfiqar, also known as 'Danny' — was arrested in Dubai in late 2025 on RICO charges related to a broader $263 million social engineering conspiracy.

ANDY is a meme token launched on the Base (Ethereum L2) network in 2024, built around the 'boy's club' internet meme character. Blockchain investigator ZachXBT documented a theft of approximately $2 million in ANDY tokens from a victim's wallet in June 2024, with the perpetrator converting roughly half the stolen funds to Ethereum. CertiK's Skynet platform assigned the token a score of 2.7 out of 100, indicating serious security and governance deficiencies. Allegations that individuals associated with the token conducted SIM-swap attacks targeting Korean-American crypto holders have been attributed to ZachXBT's flagging but remain unconfirmed by independently verifiable Tier 1 or Tier 2 sources.

Andy Ayrey is a New Zealand-based AI researcher and self-described performance artist who created Truth Terminal, an autonomous AI chatbot that became closely associated with the Goatseus Maximus (GOAT) memecoin, which briefly reached a $900M–$1B market cap in late 2024. Ayrey disclosed holding 1.25 million GOAT tokens gifted to him and pledged not to trade on insider knowledge, later establishing a non-profit foundation (Truth Collective) to manage the AI's holdings. ZachXBT's involvement concerns the October 2024 SIM-swap hack of Ayrey's X account — which third-party hackers exploited to deploy scam memecoins netting over $1.5M — rather than direct fraud allegations against Ayrey himself; however, broader ethical concerns persist around the gray-area ecosystem of AI-agent-driven memecoin promotion that Truth Terminal helped legitimize.

Vitalik Buterin is the legitimate co-founder of Ethereum and is not himself a scam actor. However, his name, likeness, and social media presence constitute one of the most heavily weaponized impersonation surfaces in crypto. Documented threats include a September 2023 SIM-swap of his X account (linked to Pink Drainer, resulting in ~$691K stolen from followers), persistent fake giveaway livestreams on YouTube, thousands of fraudulent Instagram accounts, and an escalating campaign of AI-generated deepfake videos distributing wallet-drainer phishing links.